How my Alexa voice assistant’s bedtime routine settles my kids down for an easy bedtime, every single night.

Photo by Annie Spratt on Unsplash

As parents of young children, we dream of quick and pain-free bedtimes with no tantrums, tears, or bargaining. Our kids, on the other hand, often see bedtime as playtime in a different room with the lights turned down.

To combat this, my wife and I have a strict bedtime routine to ensure our little ones fall asleep happily with the least resistance possible. Our beloved Alexa is a critical member of our team. This is how it works.

Our Amazing Alexa Kids Bedtime Routine

After dinner, it’s time for a bath with some playtime followed by a wash and wind-down time. Then it’s pyjamas on, hair and teeth brushed, and into bed with a bottle of milk and a story. Once the story is done, Alexa takes over. …

Free and open proxy servers promise anonymous internet access, but at what cost?

Never trust an open proxy server
Photo by Mikael Seegen on Unsplash

In a world of ever-decreasing online privacy, it’s easy to get sucked into the ‘use an anonymous proxy to stay safe’ narrative. I’ve got nothing against using reputable proxy services or VPNs (virtual private networks), but the ‘free’ proxy services you find on the web can be anything but.

What’s the Difference Between a Proxy and a VPN?

People use proxies and VPNs (Virtual Private Networks) to hide their real IP address and masquerade as other devices on the internet. There are many reasons to do this, including bypassing content geo-restrictions, bypassing government filters (Great Firewall of China), bypassing censorship enforced by your Internet Service Provider (ISP), and hiding your real identity from others online. …

Evading detection and building trust with Captcha challenges and Smishing attacks.

The latest SMS Phishing message I’ve received from not-my-real phone company

This week I received another SMS Phishing attack which was almost identical to the previous Smishing attack I covered. There were two things that struck me as particularly interesting this time:

  1. The attack used the s.id Indonesian link shortening service
  2. The attack used a Captcha page to limit access to the phishing page to real people only

Thinking about the first point, it’s clear that s.id, the “World’s shortest URL shortener”, has been chosen to minimise the size of the links in the phishing text message. …

How hackers manually escalated from a malicious email to a devastating, company-wide ransomware takeover in under 5 hours.

Photo by Pixabay from Pexels

(This article aims to contextualize an excellent incident report by Thedfirreport.com. I’ve used my own experience to fill in the gaps to demonstrate how these attacks affect real people in real companies.)

The Attack Started Like Many Others

A phishing email landed in the victim's inbox at around 5 pm UTC and was promptly opened and read. There was nothing particularly suspicious about it. It was a well-written email with a reasonable call to action. There were no urgent demands. It wasn’t claiming to be from the company CEO. …

Every image you post online leaks information about you. This is how anyone can find your location using Open Source Intelligence (OSINT).

Let’s find the exact location of this photograph together.

Open Source Intelligence In Action — Geolocating a Photograph

Open Source Intelligence (OSINT) is the practice of using public or ‘open source’ information available on the internet to gather intelligence and gain insights on given targets. By combining public data sources you can find answers to a variety of questions that most people wouldn’t think possible.

For example, the sunset photo above is one I took a couple of years ago while travelling for work. It’s not an instantly recognisable location. It’s probably not even that recognisable to the people who live nearby. …

I got hit by a devastating worm that spread through phishing. This is how it worked and what I learned from it.

Photo by Miguel Á. Padriñán from Pexels

A long time ago in a world without Multi-Factor Authentication…

The first report came in shortly after 10 am. A user had fallen victim to a phishing attack. Their account was spamming out an unusual amount of email, triggering an alert. Another day, another attack.

The response team hit the big red ‘account breached’ button, locking the compromised account down, then we started to investigate. We were looking for the root cause of the compromise and any damage that had been caused. …

Hacking and defending user accounts
Photo by Andrea Piacquadio from Pexels

User accounts are still the number one target for hackers today. The reason for this is that with a legitimate user account you can access, control, and change all of the information available to that user. To achieve this level of control through a software vulnerability can be incredibly difficult, if not impossible. Yet, with the right username and password, you can do all sorts of incredible things that you shouldn’t. When used as intended, user accounts are very valuable. When used by criminals they are incredibly powerful and dangerous. …

We create and use user accounts without thinking about it, but how do they actually work and how do they keep our things secure?

What is a user account and how do they keep things secure?
Photo by Micah Williams on Unsplash

A user account is a digital identity used by a person or piece of software. The identity allows us to associate things in the digital world with a real person or a specific application. In an ideal world, a user account will only ever be used by one person or one instance of a software application. Unfortunately, that isn’t always the case. (More on this later).

How Do User Accounts Work?

Identity and Access Management (IAM) is a framework of processes and technologies that enables us to manage digital identities and the things people do with them. A commonly used model which describes what we need from digital identities is IAAA. …

User accounts are something we all use every day. They are a fundamental component of the internet and our increasingly digital world. We use them to protect our information and systems from hackers and cybercriminals, yet user accounts are hacked every day. This hands-on course is about how hackers attack user accounts and how we can defend against these constantly evolving attacks.

User Accounts are Powerful, Valuable, and Easy to Hack

User accounts are still the number one target for hackers today. The reason for this is that with a legitimate user account you can access, control, and change all of the information available to that user. To achieve this level of control through a software vulnerability can be incredibly difficult, if not impossible. Yet, with the right username and password, you can do all sorts of incredible things that you shouldn’t. When used as intended, user accounts are very valuable. When used by criminals they are incredibly powerful and dangerous. …

User accounts are still the number one target for criminals. This is why they are so desirable and how hackers hack user accounts every day.

Photo by Kelly Sikkema on Unsplash

When we think of cyber attacks we often think of scenes resembling those from Hollywood movies. Cybercriminals, slouched over a keyboard, furiously typing, and hunting for vulnerabilities in a piece of software exposed to the internet.

Security vendors leverage this perception in their marketing efforts. I still find it amazing how much fear selling takes place from companies like Tenable, Rapid7, and Qualys, to name a few. …

About

Craig Hays

Aspiring writer, Cybersecurity Architect, Bug Bounty Hunter, Musician, Movie Producer, Failed Skydiver. https://craighays.com
